NSI Security NewsWatch

A weekly roundup of news, trends and insights designed exclusively for security professionals. This publication is intended for security staff only.

 

In this issue — May 12, 2021

  • Biden Vows to Protect Oil, Gas and Water Infrastructure
  • Prosecutors Recommend 17-Year Sentence for Ex-Green Beret Convicted of Spying
  • DHS Launches Warning System to Find Domestic Terrorism Threats on Social Media
  • What We Know About the Ransomware Attack on a Critical U.S. Pipeline
  • Group Details Work of Suspected Chinese Hackers Under Indictment in U.S.
  • Honeywell Fined $13M for Defense Export Violations
  • China on Campus: How the DOJ Has Battled 'Nontraditional Espionage'
  • DoD Expands Vulnerability Disclosure Program, Giving Hackers More Approved Targets
  • 3 Bills Focus on Enhancing Electrical Grid Cybersecurity
  • Potential Directed-Energy Attacks Near White House Called ‘Critically Important’

Biden Vows to Protect Oil, Gas and Water Infrastructure (Nikkei Asia, 5/11/21)

The weekend cyberattack on a major U.S. pipeline system served as a grim reminder of the threat facing infrastructure that forms the backbone of the economy as incidents occur with increasing frequency. Cyberattacks on key infrastructure -- including energy networks, factories and water supply systems -- rose 50% worldwide in 2020 compared with the prior year, according to IBM.  In a growing number of cases, state actors are suspected to be involved.

The FBI confirmed on Monday that the ransomware group responsible for the attack on the pipeline network is DarkSide, an experienced group of cyber criminals who have already hacked into scores of companies in the U.S. and Europe.  The targeted pipeline, which provides the East Coast with nearly half of its gasoline and jet fuel, has remained shut since Friday.  The operator, Colonial Pipeline, says it expects to 'substantially' restore operations by the end of the week.  President Joe Biden on Monday said his administration "is committed to safeguarding our critical infrastructure."

Prosecutors Recommend 17-Year Sentence for Former Green Beret Convicted of Spying for Russia (Stars and Stripes, 5/10/21)

Federal prosecutors are seeking a 17-year prison sentence for a former Green Beret who pleaded guilty last year to providing classified information to Russian military intelligence for over a decade.  The recommendation was filed Friday in U.S. federal court in Virginia, following Peter Rafael Dzibinski Debbins’ guilty plea last November to a charge of participating in an espionage conspiracy with Russian agents from December 1996 to January 2011.

“Debbins, who has family ties to Russia, committed the offense for primarily ideological reasons: he considered himself a ‘loyal son’ of Russia and believed that America needed to be ‘cut down to size,’” the court filing stated.  Debbins’ lawyer asked the court for leniency in a separate filing, describing his client as a man with psychological pathologies who felt trapped by circumstances, including secret same-sex attraction that he feared the Russians might use against him to ruin his Army career during the era of “don’t ask, don’t tell.”


DHS Launches Warning System to Find Domestic Terrorism Threats on Social Media (NBC News, 5/10/21)

The DHS has begun implementing a strategy to gather and analyze intelligence about security threats from public social media posts, officials said.  The goal is to build a warning system to detect the sort of posts that appeared to predict an attack on the U.S. Capitol on Jan. 6 but were missed or ignored by law enforcement and intelligence agencies, the officials added.

The focus is not on the identity of the posters but rather on gleaning insights about potential security threats based on emerging narratives and grievances.  So far, DHS is using human beings, not computer algorithms, to make sense of the data, the officials said.  "We're not looking at who are the individual posters," said a senior official involved in the effort.  "We are looking at what narratives are resonating and spreading across platforms.  From there you may be able to determine what are the potential targets you need to protect."

******************************************************************************************

Meet Your NISPOM Security Awareness Requirements with ESC
Protecting classified information depends more than ever on the human element of security — employees. The sad fact is, employees are still the weakest link in the security chain because they’re not trained to be security-conscious.  Industry studies reveal that lax employee attitudes and mistakes are the #1 cause of security breaches and “deficiencies”.  And when government reps visit your facility during regular and unannounced inspections, it’s not the security department they’ll be focusing on — it’s your employees!

Don’t wait for an “unsatisfactory” inspection result.  Protect yourself with NSI’s EMPLOYEE SECURITY CONNECTION – the proven security awareness solution exclusively for cleared defense contractors and government agencies.  It’s the best way to ensure your employees are prepared for your next government security inspection.  To learn more about how this valuable resource can help motivate your employees to practice good security habits…help you achieve better inspection results…and satisfy a major NISPOM awareness requirement… please click on the following link: https://nsi.org/es-connection.html

******************************************************************************************

What We Know About the Ransomware Attack on a Critical U.S. Pipeline (NPR, 5/10/21)

A critical pipeline that runs from refineries on the U.S. Gulf Coast to terminals as far north as New York was shut down over the weekend after being hit by a massive ransomware attack.  The company said Monday evening that its Line 4 between Greensboro, N.C., and Woodbine, Md., was operating under manual control, although its main lines were still shut down.

In remarks Monday at the White House, President Biden said the federal government is investigating the attack.  Colonial Pipeline Co., which operates a 5,500-mile pipeline that delivers 45% of the gasoline and jet fuel supplied to the U.S. East Coast, said Friday that it had been the victim of a ransomware attack.  The BBC reported that Colonial's network was compromised on Thursday and almost 100 gigabytes of data were taken hostage.  The hackers reportedly locked the data on some computers and servers and are threatening to leak it to the internet if the undisclosed ransom is not paid.


Group Details Work of Suspected Chinese Hackers Under Indictment in U.S. (Cyber Scoop, 5/6/21)

Intrusion Truth, a mysterious group known for exposing suspected Chinese cyber-espionage operations, last week published a new investigation that traced front companies allegedly used by two Chinese men whom a U.S. grand jury indicted last year.  The findings shed light on a dynamic that U.S. law enforcement officials say is increasingly common: foreign intelligence services’ use of front companies to try to conceal their hacking operations.

The details also come at a time when Biden administration officials are dealing with the fallout of another suspected Chinese hacking campaign in which attackers leveraged widely used Microsoft software.  The DOJ has alleged that the suspects, Li Xiaoyu and Dong Jiazhi, met at university before embarking on a decade of malicious cyber activity, sometimes for personal financial gain and other times on behalf of the Ministry of State Security, China’s civilian intelligence agency.  In some cases, the men allegedly probed the networks of U.S. firms working on a coronavirus vaccine.


Honeywell Fined $13M for Defense Export Violations (Defense News, 5/5/21)

The State Department last week announced it reached a $13 million settlement with defense firm Honeywell over allegations it exported technical drawings of parts for the F-35 fighters and other weapons platforms to China and other foreign countries.  The Charlotte, North Carolina-based company faced 34 charges involving drawings it shared with China, Taiwan, Canada and Ireland, according to the Bureau of Political-Military Affairs’ charging document.

The State Department alleged some of the transmissions harmed national security, which Honeywell acknowledges with the caveat that the technology involved “is commercially available throughout the world.”  All together, the materials pertained to the F-35 Joint Strike Fighter, the B-1B Lancer long-range strategic bomber, the F-22 fighter, the C-130 transport aircraft, the A-7H Corsair aircraft, the A-10 Warthog aircraft, the Apache Longbow helicopter, the M1A1 Abrams tank, the tactical Tomahawk missile, the F/A-18 Hornet fighter, and the F135, F414, T55 and CTS800 turboshaft engines.


China on Campus: How the DOJ Has Battled 'Nontraditional Espionage' (Washington Examiner, 5/5/21)

The DOJ’s China Initiative is shining the spotlight on the Chinese Communist Party’s coordinated and multifaceted efforts to steal research and technology from academic institutions across the country, with prosecutors mounting aggressive efforts over the past few years to crack down on Chinese malign influence at U.S. universities.  Attorney General Merrick Garland appeared before the House Appropriations Committee last week and was pressed on what the DOJ was doing to counter China, especially with regard to the Chinese government’s massive theft of intellectual property at public and private institutions.

“Within the last month or so, the intelligence community has identified China as a threat ... with respect to espionage, with respect to theft of intellectual property, so the FBI is working very hard on these issues,” Garland replied.  “There’s also obviously a very important cybercrime and cyber-hacking element of this, so a lot of money and new resources are being put into protecting against that hacking, then prosecuting where we’re unsuccessful at protection and then plugging the holes.”


DoD Expands Vulnerability Disclosure Program, Giving Hackers More Approved Targets (Cyber Scoop, 5/5/21)

The Pentagon is letting outside hackers go after more DoD targets than ever before, in an effort to learn vulnerabilities before foreign hackers do, the DoD announced last week.  The program, “Hack the Pentagon,” is expanding the number of targets that ethical hackers can go after to try to ferret out vulnerabilities, according to the announcement.  The program, which launched in 2016, previously allowed cybersecurity professionals to test DoD systems when it involved public-facing websites and applications.

Now, interested hackers may go after all publicly accessible DoD information systems, including networks, Internet of Things devices, and industrial control systems.  “This expansion is a testament to transforming the government’s approach to security and leapfrogging the current state of technology within DoD,” said Brett Goldstein, director of the Defense Digital Service.


3 Bills Focus on Enhancing Electrical Grid Cybersecurity (Gov Info Security, 5/5/21)

Lawmakers in the Senate and House have introduced legislation designed to improve and enhance the nation's electrical grid and respond to concerns that the country's power system is prone to cyberthreats.  Last week, Reps. Bob Latta, R-Ohio, and Jerry McNerney, D-Calif., introduced a pair of bills: the Cyber Sense Act and the Enhancing Grid Security Through Public-Private Partnerships Act.  The bills would direct the Department of Energy to work with private electrical and power utilities to improve cybersecurity across the nation's grid.

Meanwhile, Sen. Angus King, I-Maine, is leading a bipartisan group in the Senate reintroducing the Protecting Resources on the Electric Grid with Cybersecurity Technology Act, which would provide incentives to electric utilities to make cybersecurity investments.  The proposed Senate bill would also direct the DOE to create grants and programs to offer technical and cybersecurity assistance to smaller utilities that are not regulated by the Federal Energy Regulatory Commission, which regulates the interstate transmission of electricity.


Potential Directed-Energy Attacks Near White House Called ‘Critically Important’ (HS Today, 5/4/21)

Mysterious attacks that have been leaving U.S. personnel abroad seriously ill for years and may have recently debuted near the White House are a “critically important” priority for the intelligence community, the ODNI leader said.  At a hearing of the Senate Armed Services Committee, Director of National Intelligence Avril Haines, among a list of national security threats, said that “taking care of our people also means investigating the source of anomalous health incidents that have affected our personnel and caring for those affected.”

According to reports, federal agencies are investigating two incidents in November, including one steps from the White House in which a National Security Council official was sickened, similar to the mysterious “Havana syndrome” attacks in which U.S. personnel began falling ill in 2016 with persistent symptoms including severe headaches, ear ringing or popping, dizziness, loss of balance and nausea.  Reports have since spread beyond Cuba to U.S. personnel affected in China, Russia, and even London.  The other incident involved a White House staffer walking her dog just outside D.C. in Arlington, Va.


Keep Getting This Newsletter

To ensure delivery to your inbox (not bulk or junk folders), please add NSI@nsi.org to your address book.

SUBSCRIBE: If you were sent this by a colleague and wish to subscribe to NSI's complimentary Security NewsWatch e-newsletter, visit https://www.nsi.org/free-resources/.

Please feel free to share this e-mail with your colleagues and encourage them to sign up to get their own copy at https://www.nsi.org/free-resources/

ADVERTISERS: For information about sponsoring this e-letter, contact sburns@nsi.org or call 508-533-9099.

National Security Institute
165 Main Street, Suite 215
Medway, MA 02053
Tel: 508-533-9099
Fax: 508-507-3631
Internet: http://nsi.org

 

 

*****************************

Help Your Employees Become Cyber Aware

Experts agree: well-intentioned but careless employees pose just as much of a danger to your organization as faceless hackers on the outside. In fact, 95 percent of successful hack attacks or incidents are attributed to human error.



Learn how to mitigate the accidental insider threat and empower your employees to think securely with these valuable lessons:

  1. How to recognize and respond to social engineering attacks
  2. How to avoid spear-phishing and email scams
  3. How to avoid becoming an easy target for hackers
  4. How to prevent human errors that cause security breaches
  5. How to protect sensitive data from hackers, spies and ID thieves
